TL;DR: Bots are found to perform reconnaissance on behalf of other bots, and counter-intelligence techniques that may be useful for early bot detection are suggested.
Abstract: Botnets--networks of (typically compromised) machines--are often used for nefarious activities (e.g., spam, click fraud, denial-of-service attacks, etc.). Identifying members of botnets could help stem these attacks, but passively detecting botnet membership (i.e., without disrupting the operation of the botnet) proves to be difficult. This paper studies the effectiveness of monitoring lookups to a DNS-based blackhole list (DNSBL) to expose botnet membership.
We perform counter-intelligence based on the insight that botmasters themselves perform DNSBL lookups to determine whether their spamming bots are blacklisted. Using heuristics to identify which DNSBL lookups are perpetrated by a botmaster performing such reconnaissance, we are able to compile a list of likely bots. This paper studies the prevalence of DNSBL reconnaissance observed at a mirror of a well-known blacklist for a 45-day period, identifies the means by which botmasters are performing reconnaissance, and suggests the possibility of using counter-intelligence to discover likely bots. We find that bots are performing reconnaissance on behalf of other bots. Based on this finding, we suggest counter-intelligence techniques that may be useful for early bot detection.
TL;DR: Many Internet Service Providers, anti-virus companies, and enterprise email vendors use Domain Name System-based Blackhole Lists to keep track of IP addresses that originate spam, so that future emails sent from these IP addresses can be rejected out-of-hand.
Abstract: Many Internet Service Providers (ISPs), anti-virus companies, and enterprise email vendors use Domain Name System-based Blackhole Lists (DNSBLs) to keep track of IP addresses that originate spam, so that future emails sent from these IP addresses can be rejected out-of-hand. DNSBL operators populate blocking lists based on complaints from recipients of spam, who report the IP address of the relay from which the unwanted email was sent. To be effective in blocking spam, information in the blacklist must have the following properties: 1. Completeness. The blacklist must contain a reasonable
TL;DR: New anti-spam tools are needed to fight a new wave of spam sending, as a newly discovered approach uses cheap domain names and cheap hosting services to imitate legitimate mail servers.
Abstract: Background: A new way of spam sending was discovered. Old spam techniques are not effective now; spammers find new ways. Analysis: The analysis shows that spammers find new ways to bypass very efficient tools for catching spam, such as DNSBL, SPF and some others. Findings: The newly discovered approach uses cheap domain names and cheap hosting services to imitate legal mail servers. Conclusion: New anti-spam tools are needed to fight against the new spam sending wave.
TL;DR: CAFE (collaborative agents for filtering e-mails) is a multiagent system that collaboratively filters spam from users' mail stream and classifies new messages into three categories: ham (good messages), spam and spam-presumed.
Abstract: CAFE (collaborative agents for filtering e-mails) is a multiagent system to collaboratively filter spam from users' mail stream. CAFE associates a proxy agent with each user, and this agent represents a sort of interface between the user's e-mail client (i.e. Microsoft Outlook, Eudora, etc.) and the e-mail server. With the support of other types of agents, the proxy agent makes a classification of new messages into three categories: ham (good messages), spam and spam-presumed. The system analyzes every single e-mail using essentially three kinds of approach: a first approach based on the usage of a hash function, a static approach using DNSBL (DNS-based black lists) databases and a dynamic approach based on a Bayesian algorithm.
TL;DR: This chapter delivers an overview of traditional mechanisms to detect and stop unwanted emails, explains the extent to which they can be useful to block scam, and points out evasion techniques that help spammers and scammers survive.
Abstract: This chapter delivers an overview of traditional mechanisms to detect and stop unwanted emails. These mechanisms include email authentication (e.g., DKIM, SPF, DMARC), blacklisting (e.g., DNSBL), and content-based spam filtering (e.g., Naive Bayes Classifier). We explain the extent to which they can be useful to block scam, and point out evasion techniques that help spammers and scammers survive.